ABSTRACT



A radio (100) transmits and receives encrypted signals having unencrypted key identifiers, allowing other radios having the corresponding key identifiers and encryption keys to communicate with radio (100). Prior to transmitting an encrypted message, radio (100) selects a unique key identifier automatically and uses the corresponding encryption key to encrypt the message that will be transmitted. Radio (100) transmits the key identifier in an unencrypted format with the encrypted message in order to allow other radios to determine the encryption key used in encrypting the message. When receiving an encrypted message, radio (100) uses the predetermined process stored in the radio (100) to properly select the proper encryption key for use in decrypting the incoming message.

5 Claims, 3 Drawing Sheets

DYNAMIC ENCRYPTION KEY SELECTION FOR ENCRYPTED RADIO TRANSMISSIONS

TECHNICAL FIELD

This invention relates generally to communication devices, and more specifically to radio frequency communication devices utilizing encryption.

BACKGROUND

As the need for protecting sensitive information which is transmitted over radio communication systems increases, better ways of protecting radio signals from eavesdroppers becomes more of a concern for individual radio users. In communication devices where protection of voice/data messages is important, a system like the Motorola Digital Voice Protection System can be added to individual radios. The Digital Voice Protection System is an encryption system that converts an analog communication signal into a digital bit stream and then scrambles (encrypts) the digital bit stream with a technique to which only the sender and authorized receivers are given "keys" which allow the signals to be decrypted. If an eavesdropper tries to listen to the conversations on this type of system, the encrypted messages will be able to be received by the eavesdropper, but the messages will sound like pseudorandom noise unless the eavesdropper has the proper key to decrypt the message.

Security concerns in recent years have pushed the state of the art in radio communications to the point that today some communication devices now have multiple key and/or multiple encryption algorithm capabilities (e.g., DES-XL™ and DVP-XL™, both trademarks of Motorola, Inc.). These communication devices transmit an unencrypted key ID field prior to transmitting the encrypted message in order to inform any receiving radios as to the encryption selected for the particular transmission. The receiving radios then automatically select the encryption to use in order to decrypt the incoming messages and can also, by having transmit hangtime capabilities, transmit back to the originating radio with the newly selected encryption.

The above mentioned radios unfortunately only give radios the capability of using multiple encryptions. When a radio user wants to originate a new transmission using a new encryption from those found in his radio, he has to manually select the new encryption. A need exists for a radio which can dynamically change the encryption used in encrypting a message sent by the radio on a transmission per transmission basis, thereby offering an even higher standard of security for radio users. A need also exists for a receiver which can predetermine the encryption that will be used by radios in transmitting future transmissions.

SUMMARY OF THE INVENTION

The radio includes a storage means for storing a plurality of encryption keys each having an assigned corresponding unique key identifier and a selection means for automatically selecting one of the key identifiers prior to the transmission of a message by the radio's transmitter. The radio also includes an encryption means for encrypting the message to be transmitted using the encryption key corresponding to the key identifier automatically selected. The radio's receiver means receives encrypted messages having unencrypted key identifiers appended, and a second selection means automatically selects from among the plurality of stored key identifiers the key identifier which is to be used to decrypt the received encrypted message.

In another aspect of the present invention a receiver capable of receiving encrypted messages having unencrypted key identifiers is disclosed. The receiver includes a storage means for storing a plurality of encryption keys each having a corresponding unique key identifier, a selection means for automatically selecting from among the plurality of encryption keys the encryption key which is to be used to properly decrypt the received message. The receiver also includes a decryption means for decrypting the encrypted message using the encryption key selected by the decoding means.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows a block diagram of a radio in accordance with the present invention.

FIG. 2 is a block diagram of a typical communication system in accordance with the present invention.

FIG. 3A shows a way of dynamically changing the radio encryption key during the course of a radio conversation in accordance with the present invention.

FIG. 3B shows [illegible] during the course of a [illegible] in accordance with the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

Referring now by characters of reference to the drawings and first to FIG. 1, a block diagram of a radio 100, such as a portable radio capable of operating in an encrypted mode, is shown. Radio 100 includes a receiver means, such as receiver 114, which is used for receiving information from other communication devices and systems. An antenna switch 110 selectively couples antenna 112 to either the receiver 114 or a transmitter 108 depending on the state of radio 100. Both receiver 114 and transmitter 108 are of conventional design as known in the art. When receiving a message, an incoming radio frequency signal is routed from antenna 112 to receiver 114 where the signal is decoded. The signal is then sent to controller 126 where the controller determines if the signal is encrypted. If the signal is encrypted, controller 126 sends the signal via bus 136 to encryption circuit 134 where the signal is decrypted and sent back via bus 136 to controller 126. Voice messages are routed back to receiver 114 where the signal is then sent via line 118 through audio amplifier 120 where the voice signal is amplified and presented to speaker 124. Controller 126 can control the volume of the output audio signal by adjusting the gain of amplifier 120 via [illegible]

Preferably, encryption circuit 134 includes a plurality of encryption keys and encryption algorithms which are stored in a storage means such as memory locations which are part of radio controller 126; the storage means can also be part of encryption circuit 134 if so designed. Radio 100 can choose between the different encryption keys and algorithms in order to automatically switch the encryption which is utilized on a transmission by transmission basis. Encryption circuit 134 acts as the encryption means during radio transmissions and as the decryption means when radio 100 is receiving encrypted messages. Consequently, the encryption key can be used for both encryption and decryption.

Controller 126 is in charge of coordinating the overall activities of radio 100 including the control of both transmitter 108 and receiver 114. Controller 126 preferably comprises a conventional microprocessor or microcontroller, having on-chip memory, I/O lines, and the capability for external memory device interfacing. In the present invention, controller 126 also controls the dynamic changing of encryption keys by informing encryption circuit 134 when to load in a new encryption key in order to decrypt an incoming message or encrypt a message which is to be transmitted. Radio 100 can be a conventional radio, trunked radio, or other type of radio as known in the communication art. Radio 100 can also be a conventional analog transmission radio (FM), or can be a radio capable of digitally transmitting information (i.e. linear modulated, etc.).

If radio 100 is a trunked radio operating in a trunked radio communication system such as that shown in FIG. 2, controller 126 controls the switching of frequencies for both the transmitter 108 and receiver 114 depending on instructions which would come from the trunked system central controller 204 (shown in FIG. 2).

In order for radio 100 to transmit a voice message, PTT switch 132 is activated by the radio user, which in turn activates the transmitter means such as transmitter 108 via a signal coming from controller 126 on bus 128. During a normal voice transmission, the radio user speaks into microphone 102 which converts the audio signals to electrical signals which are in turn amplified by amplifier 104. Amplifier 104 has gain adjustment capability via line 130, which is controlled by controller 126. The amplified signal is then fed to transmitter 108 which converts the signal to a radio frequency signal and transmits the signal via antenna switch 110 to antenna 112. If the transmission is required to be encrypted, the signal is routed via bus 140 to the encryption circuit 134 prior to its transmission, where it is there encrypted and sent back to transmitter 108 for transmission.

In FIG. 2 a block diagram of a typical communication system which can use the present invention such as a trunked radio communication system is shown. The radios or subscriber units 100, which are part of system 200, communicate over a control channel 202 with the control resource such as system central controller 204 in order to receive status and control information from the central controller 204. In communication systems which are not trunked, the control resource can be a base station or other similar communication devices, or in a system having only radios the control resource can be the embedded signalling sent by the individual radios themselves. The system central controller 204 acts as the system coordinator and is responsible for assigning radios in the same groups to different repeaters 206 (voice channels) so that they may communicate amongst each other whenever a request from one of the groups comes into the controller. The central controller 204 is also responsible for knowing where each of the radios are located (i.e. what voice channel) and for controlling other features typically found in a modern trunked communication system (e.g. handling phone patches, coordinating groups of radios in emergency situations, etc). The typical central controller 204 includes a main processing unit such as a computer with appropriate control software which controls the operation of controller 204. Also normally included as part of controller 204 is a video display and keyboard in order to allow the central control operator to communicate with the system.

The signals which are sent from the central controller 204 to the subscriber units over the control channel 202 are typically called outbound signalling words ("OSW's"). The control signals going from radios 100 to the central controller 204 are called inbound signalling words (ISW's). OSW's, for example, inform particular radios 100 as to when to change channels automatically, so as to allow them to communicate with other members of the same radio group over an assigned voice channel 206.

An example of a typical trunked conversation will begin by one radio 100 in group "A" pressing PTT which automatically sends an ISW over the control channel 202 to the central controller 204 requesting a voice channel grant (allocation of one of the voice channels 206). Once the request comes in, central controller 204 decides which voice channel 206 to assign and transmits an OSW via control channel 202 back to radios 100. The OSW will inform all radios 100 in group "A" to move to repeater No. 2, for example, at which point all the radios in group "A" will move to that repeater to begin their conversation. Although FIG. 2 shows a trunked communication system, the present invention can operate in many types of communication system including but not limited to cellular systems, conventional radio systems, and systems using embedded signalling on the RF channel.

In FIG. 3A there is shown a way of automatically changing the radio's encryption during the course of a radio conversation in accordance with the present invention. FIG. 3A shows a typical encrypted conversation as disclosed in the present invention. Each time a radio 100, either unit #1 or #2, sends a transmission, a new encryption (new key and/or algorithm), which will be hereinafter referred to simply as "encryption key", will be used to encrypt the next message to be transmitted. Each time a radio sends a transmission, a different encryption key identifier can be randomly selected from among a group of key identifiers representing the encryption keys stored in the radio's encryption circuitry 134. The key identifier is simply a number or other designation assigned to an encryption key and is in no other way related to the encryption key itself. The encryption key associated with the chosen key identifier is then used to encrypt the message to be transmitted, which is done by the encryption circuit 134. Preferably, the plurality of unique key identifiers and encryption keys can be stored in a storage means which can be in radio controller 126. The data relating to the chosen encryption key can then be sent over bus 136 to encryption circuit 134. Another alternative is to have the list of key identifiers stored in controller 126 and the encryption keys stored in encryption circuit 134.

Controller 126, which acts as the radio's control means, has a first selection means such as a conventional random number generation algorithm stored in the controller's memory which is executed by controller 126 in order to randomly determine the next key identifier to select for use by the encryption circuit 134 in encrypting the message to be transmitted. Once a key identifier is automatically selected, controller 126 sends the corresponding encryption information data (e.g. new encryption key data) via bus 136 to encryption circuit 134 so [illegible] Controller 126 upon selecting a key identifier sends a message over bus 136 to encryption circuit 134 informing [illegible] selected. The key identifier basically acts as a pointer allowing encryption circuit 134 to choose the correct encryption key from among the plurality of encryption keys stored in encryption circuit 134 or if the encryption keys are stored in controller 126 the data (i.e. encryption information) is sent via bus 136 and loaded into encryption circuit 134. Preferably, encryption circuit 134 comprises one encryption algorithm in the form of an encryption hybrid, for example DES-XL, which is loaded with the encryption key that matches the key identifier selected. The selected key is loaded into the encryption hybrid from memory locations that are also part of the encryption circuit 134 allowing for the algorithm to become scrambled with that particular key pattern. A more sophisticated embodiment of the present invention can have encryption circuit 134 support a [illegible] DES-XL and DVP-XL. In this particular case, the key identifier selected by the controller 126 informs encryption circuit 134 which encryption hybrid to select and then which key to load into the selected hybrid. In this particular case the key identifier points to a particular encryption algorithm and key combination.

Radio 100 transmits the key identifier which is selected, in an unencrypted format prior to the encrypted message being transmitted. The radio units 100 receiving the encrypted transmission also have the same set of encryption keys and corresponding key identifiers stored. Upon receiving the unencrypted key identifier, the receiving radios 100 decode the unencrypted key identifier by using a decoder means such as a conventional decoding algorithm stored in controller 126 which decodes the unencrypted key identifier. Once the received key identifier is decoded, a second selection means included in controller 126 in the form of a comparison program finds the corresponding key identifier stored in the radio. Once the correct key identifier is located, the corresponding encryption key is loaded into encryption circuit 134 in order to decrypt the encrypted message which accompanied the decoded key identifier. Each radio 100 in communication system 200 has a list of identical encryption keys each having the corresponding unique key identifier, thereby allowing radios 100 to transmit and receive to each other using different encryption keys on a transmission per transmission basis.

When unit #1 has its PTT switch activated, the radio automatically selects a key identifier from the available list of key identifiers stored in encryption circuit 134; this can be done using a conventional random generation program stored in controller 126 or a predetermined selection process (selection program) also stored in controller 126. The automatically selected key identifier information can then be sent over bus 136. The encryption (traffic key), which is related to the selected key identifier, is then selected in order to encrypt the radio transmission which follows. This is done by loading the appropriate encryption device (i.e. DES-XL) which is part of encryption circuit 134 with the selected key. As soon as encryption circuit 134 has decided which encryption key to use for encrypting the message, the key identifier information is relayed to transmitter 108 which transmits this information prior to the encrypted message going out over the air. Radio unit #2 receives the key identifier transmitted by radio unit #1 and then uses the unencrypted key identifier to load the appropriate encryption key into its encryption circuit [illegible] encrypted message which follows.

FIG. 3A then shows radio #2 loading encryption key "B", transmitting the key ID information to unit #1 followed by an encrypted message encrypted with encryption key "B". Radio unit #1 then receives the key identifier information and loads the appropriate encryption key in order to decrypt the message. This routine is followed by each radio prior to each radio transmitting a message. Changing the encryption key that is used to transmit a message every time a message is transmitted adds a higher level of security to the radio transmissions, by forcing any would be eavesdropper not only to be able to decipher not one encryption key but many in order to intercept ongoing radio transmissions. By automatically selecting the key identifier to use on a transmission per transmission basis the radio user does not have to preoccupy himself with manually changing encryptions.

In FIG. 3B a similar transmission sequence as in FIG. 3A is shown except this communication sequence has been modified to reduce the delays caused in FIG. 3A by the radios having to decode the key identifier information each time the radios began receiving information. The delays in FIG. 3A are caused because it is assumed that radios 100 randomly select a key identifier prior to any radio transmissions. This causes the radios that are receiving the message to first decode the key identifier in order to load in the proper encryption key to decrypt the incoming message. In FIG. 3B the radios, instead of using a random encryption key generation protocol, use a predetermined encryption key selection program which is stored in each radio's controller 126. By having each radio in a system use the same encryption selection algorithm (both receiving and transmitting radios), normally only the first transmission sequence will require any delay in decoding the key identifier information. After the first cycle all of the radios know the encryption key which will be used to encrypt the following message, thereby allowing the radios to load in the new encryption key information prior to any radio transmitting or receiving any information. The decoding of the key identifiers need only be done by radios which are not "in synch" with the predetermined selection process (i.e. do not know the next encryption which will be used). If the predetermined selection process chosen repeats a key identifier more than once prior to the algorithm cycling one time through, it will require receiving radios 100 who are just coming into the system to receive two or more key identifiers in order to properly determine the place in the predetermined sequence the radios in the system are presently at. This will cause a slight delay in radios just coming into the system in having to properly decode the key ID a few times until the new radio can begin using the predetermined algorithm automatically. The preprogrammed encryption key sequence can be as simple as an algorithm stored in controller 126 that uses the next key identifier in a key identifier list, or can be a more complex algorithm repeating the key identifiers in a complex manner.

As is shown in FIG. 3, radio unit #1 loads encryption key "A" and the radio then follows the standard routine of transmitting the unencrypted key identifier information followed by the encrypted message which is encrypted with the encryption corresponding to key identifier "A". Radio unit #2 receives the unencrypted key identifier which is decoded and then unit #2 compares the presently loaded encryption to see if the key identifier of the presently loaded encryption matches the decoded key identifier. If the key ID's do not match, the radio automatically loads the encryption associated with the decoded key identifier by running a comparison program with the list of encryption keys the radio has stored in controller 126. After the key identifier is loaded, the encrypted message that follows is decrypted. In this new method of selecting the key identifier as shown in FIG. 3B, both radios load key "B" after the first transmission call has dropped, since this is the next key which is to be loaded according to their predetermined identifier selection process which all radios in the system follow. Since both radios follow the same predetermined key identifier selection process, there is no delay associated with key identifier decoding and key loading as was the case in FIG. 3A, once the radios come in "synch" with the predetermined key identifier selection process.

Radios 100, which go out of range or have been turned off, can automatically synch with other radios in the group since the key identifier is sent prior to every transmission in an unencrypted format. The synch up procedure requires a key identifier to be decoded using the decoding means which is in controller 126, and then the proper key needs to be loaded, after which the radio 100 will be able to follow the predetermined key identifier selection process which all radios 100 are following. For example, radios 100 in system 200 could all be using key identifiers "A", "B", "C", and "D", each identifier pointing to a different encryption key and all the radios 100 using a predetermined process which follows the sequence of "D", "B", "A", and "C", in that particular order. A radio first coming into system 200 would only have to decode the first key identifier in order to determine the next key identifier (and encryption key) which will be used in the next transmission by any radio 100 in that particular radio group. A trunked radio system like that shown in FIG. 2 could have each of the radio groups utilizing a different unique predetermined selection process for all radio group voice traffic transmissions.
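
The predetermined selection process and the synch up procedure described above, including the earlier case of a sequence that repeats a key identifier, as an added Python example that is not part of the patent. Assumptions: `toy_cipher` is a stand-in for DES-XL, the frame layout is one clear key-ID byte followed by the ciphertext, the key bytes are constructed, and `Radio`, `next_positions` and `demo` are hypothetical names.

```python
import hashlib

# Constructed demo material: identifiers are arbitrary labels, as in the text above,
# and carry no information about the key bytes they point to.
KEYS = {kid: hashlib.sha256(b"demo key " + kid.encode()).digest() for kid in "ABCD"}
SEQUENCE = ("D", "B", "A", "C")  # the order used in the description's example


def toy_cipher(key, data):
    """XOR with a SHA-256 counter keystream. Stand-in for DES-XL/DVP-XL; not secure
    (no nonce, so a key reused across transmissions repeats its keystream)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def next_positions(sequence, observed):
    """Indexes the sequence could be at *after* the observed run of key IDs."""
    n = len(sequence)
    return [(end + 1) % n for end in range(n)
            if all(sequence[(end - len(observed) + 1 + i) % n] == kid
                   for i, kid in enumerate(observed))]


class Radio:
    def __init__(self, keys, sequence, in_sync=True):
        self.keys, self.sequence = keys, tuple(sequence)
        self.pos = 0 if in_sync else None   # None: place in the sequence unknown
        self.heard = []                     # clear key IDs seen while out of synch

    def transmit(self, message):
        if self.pos is None:
            raise RuntimeError("not in synch: must hear a transmission first")
        kid = self.sequence[self.pos]
        self.pos = (self.pos + 1) % len(self.sequence)
        # Frame: one clear key-ID byte, then the encrypted message.
        return kid.encode() + toy_cipher(self.keys[kid], message)

    def receive(self, frame):
        """Return (plaintext, preloaded). preloaded is True when the key predicted by
        the selection process matched the clear key ID, so no key lookup was needed."""
        kid, body = frame[:1].decode(), frame[1:]
        if kid not in self.keys:
            return None, False              # no such key stored: cannot decrypt
        preloaded = self.pos is not None and self.sequence[self.pos] == kid
        if preloaded:
            self.pos = (self.pos + 1) % len(self.sequence)
        else:
            # Out of synch: fall back to the key-ID lookup and try to re-locate.
            self.heard.append(kid)
            candidates = next_positions(self.sequence, self.heard)
            if not candidates:              # heard IDs no longer form one run
                self.heard = [kid]
                candidates = next_positions(self.sequence, self.heard)
            self.pos = candidates[0] if len(candidates) == 1 else None
            if self.pos is not None:
                self.heard = []
        return toy_cipher(self.keys[kid], body), preloaded


def demo(sequence=SEQUENCE, warmup=1):
    """Two in-synch units talk while a late joiner listens. Returns the joiner's
    (plaintext, preloaded) result for each of four transmissions."""
    unit1, unit2 = Radio(KEYS, sequence), Radio(KEYS, sequence)
    joiner = Radio(KEYS, sequence, in_sync=False)
    results = []
    for _ in range(warmup):                 # traffic before the joiner powers on
        unit2.receive(unit1.transmit(b"warmup"))
    for i in range(4):
        sender, other = (unit1, unit2) if i % 2 == 0 else (unit2, unit1)
        frame = sender.transmit(b"message %d" % i)
        assert other.receive(frame) == (b"message %d" % i, True)
        results.append(joiner.receive(frame))
    return results
```

With the sequence D, B, A, C the joiner needs the key-ID lookup only for the first frame it hears; with a sequence that repeats an identifier, such as A, B, A, C, it needs two.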

In summary, the present invention illustrates how to increase the overall security of radio communications by utilizing radios which can automatically change the encryption being used to encrypt transmissions on a transmission by transmission basis. By transmitting an unencrypted key identifier prior to the encrypted transmission all other radios which have the correct key identifier can decrypt the message. Since the key identifiers have no relationship to the encryption key being used except for their use in pointing to the location of the corresponding encryption key in the individual radios, an eavesdropper would have no use for the key identifier if he were able to decode it. By using more than one encryption key to encrypt transmissions a higher level of security can be had for individual communications. If an eavesdropper were able to decipher one of the encryption keys he still would only be able to listen to a very short piece of a conversation, since most of the transmissions would be using a different encryption key to encrypt the transmissions. By also using a predetermined encryption selection process which is utilized by all radios in a system, all radios can automatically know what encryption will be used for the next transmission by any particular radio. By using the predetermined selection process, very little delays are encountered in automatically switching encryptions on a transmission per transmission basis. Which makes the overall communications more secure and does not add delays to the radio transmissions.

What is claimed is:

1. A method for transmitting encrypted messages between first and second radios, each of the radios including a plurality of encryption keys each having a unique key identifier, each of the first and second radios also each having an encryption key selection program, the method comprising the steps of:

at the first radio:

selecting a key identifier from among the plurality of key identifiers;

encrypting a message that is to be transmitted to the second radio using the encryption key which corresponds to the selected key identifier;

appending the key identifier to the encrypted message;

transmitting the encrypted message and key identifier to the second radio;

selecting from among the plurality of encryption keys a new encryption key using the encryption selection program found in the first radio;

at the second radio:

receiving the encrypted message from the first radio;

decoding the key identifier sent with the encrypted message;

decrypting the encrypted message using the encryption key which corresponds to the decoded key identifier; and

selecting a new encryption key using the encryption selection program found in the second radio which matches the new encryption key selected by the first radio.

2. A method for transmitting encrypted messages as defined in claim 1, further comprising the steps of:

at the second radio:

encrypting a message to be transmitted to the first radio using the new encryption key selected by the encryption selection program found in the second radio; and

at the first radio:

decrypting the encrypted message sent by the second radio using the new encryption key selected by the encryption selection program found in the first radio.

3. A method for transmitting encrypted messages as defined in claim 1, wherein the selected key identifier is transmitted in an unencrypted format with the encrypted message that is transmitted to the second radio.

4. A method for transmitting encrypted messages as defined in claim 1, wherein the key identifier selected by the first radio is randomly selected from among the plurality of encryption keys found in the first radio.

5. A method for transmitting encrypted messages as defined in claim 4, wherein the new encryption key selected using the encryption selection program found in the first radio is dependent on the randomly selected key identifier.
